<?
include ('../variables.php');
include ('../sessions.php');

$webDIR="admin";
//$save_type="MySQL";
session_start();

$dbh = get_master_connect();
if (!$dbh) {
		echo "We are sorry but we cannot process your request at the moment<BR>";
		exit_now();
}

if (getenv(REQUEST_METHOD) == "POST") {
			$userName = strtolower(validate($HTTP_POST_VARS[username]));
			$passWord = validate($HTTP_POST_VARS[password]);
			if (!$userName || !$passWord) header("Location: $baseURL/members/login.html");
			//if (!check_user_pass($userName, $passWord)){
			if($userName != "administrator" || $passWord!='c@rt1ng4Us'){
				header("Location: $baseURL/admin/login.html?errorMsg=wrong password");
				exit_now();
			}else {
				//kill_old_sessions();
//				$sid = session_get_unique_id();
				$errorMsg = "";
				$statusMsg = "";
				$memberAuthenticated = "yes";
				$administrator = "yes";
				$userName = "";
				$_SESSION['memberAuthenticated'] = true;
		                $_SESSION['userName'] = $userName;
			        $_SESSION['reseller_id'] = $id;

//				session_register_(array(errorMsg, statusMsg,memberAuthenticated,userName,administrator,passWord), sid);
//				session_save(sid);
				$params[sid] = $sid;
				$params[action] = 1;
				$url="$baseURL/$webDIR/?".encode_params($params);
				header("Location: $url");
			}

}

?>
